<?php
	// error_reporting(1);
	include('includes/db_connect.php');

	switch ($_GET['act']) {
		case 1:

			$uploaddir = 'images/';

			// $isUpload = $uploaddir."guest.png";
			$isUpload = "";
			$sql = "INSERT INTO complaints (date_complaint,
						guest_email,
						ci_date,
						co_date,
						guest_name,
						villa_no,
						nationality,
						complaint_title,
						category_id,
						description,
						recovery_action,
						further_follow_up,
						follow_up,
						compensation,
						price,
						recovery,
						created_by,
						source,
						photo,
						date_issue)
					VALUES (
						'".mysql_real_escape_string($_POST['date_complaint'])."',
						'".mysql_real_escape_string($_POST['guest_email'])."',
						'".mysql_real_escape_string($_POST['ci_date'])."',
						'".mysql_real_escape_string($_POST['co_date'])."',
						'".mysql_real_escape_string($_POST['guest_name'])."',
						'".mysql_real_escape_string($_POST['villa_no'])."',
						'".mysql_real_escape_string($_POST['nationality'])."',
						'".mysql_real_escape_string($_POST['complaint_title'])."',
						'".mysql_real_escape_string($_POST['category_id'])."',
						'".mysql_real_escape_string($_POST['description'])."',
						'".mysql_real_escape_string($_POST['recovery_action'])."',
						'".mysql_real_escape_string($_POST['further_follow_up'])."',
						'".mysql_real_escape_string($_POST['follow_up'])."',
						'".mysql_real_escape_string($_POST['compensation'])."',
						'".mysql_real_escape_string($_POST['price'])."',
						'".mysql_real_escape_string($_POST['recovery'])."',
						'".mysql_real_escape_string($_POST['created_by'])."',
						'".mysql_real_escape_string($_POST['source'])."',
						'".$isUpload."',
						NOW())";
			echo $sql;
			$query = mysql_query($sql);
			if ($query) {
				header('Location: complaints_photo.php?id='.mysql_insert_id());
			}

			break;
		case 2:

			$sql = "UPDATE complaints SET
				date_complaint = '".mysql_real_escape_string($_POST['date_complaint'])."',
				guest_email = '".mysql_real_escape_string($_POST['guest_email'])."',
				ci_date = '".mysql_real_escape_string($_POST['ci_date'])."',
				co_date = '".mysql_real_escape_string($_POST['co_date'])."',
				guest_name = '".mysql_real_escape_string($_POST['guest_name'])."',
				villa_no = '".mysql_real_escape_string($_POST['villa_no'])."',
				nationality = '".mysql_real_escape_string($_POST['nationality'])."',
				complaint_title = '".mysql_real_escape_string($_POST['complaint_title'])."',
				category_id = '".mysql_real_escape_string($_POST['category_id'])."',
				description = '".mysql_real_escape_string($_POST['description'])."',
				recovery_action = '".mysql_real_escape_string($_POST['recovery_action'])."',
				follow_up = '".mysql_real_escape_string($_POST['follow_up'])."',
				compensation = '".mysql_real_escape_string($_POST['compensation'])."',
				price = '".mysql_real_escape_string($_POST['price'])."',
				recovery = '".mysql_real_escape_string($_POST['recovery'])."',
				further_follow_up = '".mysql_real_escape_string($_POST['further_follow_up'])."',
				created_by = '".mysql_real_escape_string($_POST['created_by'])."',
				source = '".mysql_real_escape_string($_POST['source'])."'
			WHERE id = '".$_POST['id']."'";
			// echo $sql;
			$query = mysql_query($sql);
			if ($query) {
				header('Location: complaints.php');
			}
			break;
		case 3:
			$sql = "DELETE FROM complaints WHERE id = '".$_GET['id']."'";
			// echo $sql;
			$query = mysql_query($sql);
			if ($query) {
				header('Location: complaints.php');
			}
			break;
		case 4:
			$sql = "UPDATE complaints SET
				status = '1'
			WHERE id = '".$_GET['id']."'";
			// echo $sql;
			$query = mysql_query($sql);
			if ($query) {
				header('Location: complaints.php');
			}
			break;
		case 5:
			$sql = "UPDATE complaints SET
				status = '0'
			WHERE id = '".$_GET['id']."'";
			// echo $sql;
			$query = mysql_query($sql);
			if ($query) {
				header('Location: complaints.php');
			}
			break;
    case 6:
    // photo = 'images/guest.png'
      $sql = "UPDATE complaints SET
        photo = ''
      WHERE id = '".$_GET['id']."'";
      // echo $sql;
      $query = mysql_query($sql);
      if ($query) {
        header('Location: complaint_edit.php?id='.$_GET['id']);
      }
      break;
		case 7:

      $sql = "SELECT * FROM complaints WHERE id = '".$_GET['id']."'";
      $query = mysql_query($sql);
      $data = mysql_fetch_array($query);

      if (file_exists($data['photo'])) {
        unlink($data['photo']);
      }
      if (file_exists($data['thumb'])) {
        unlink($data['thumb']);
      }
			$sql = "UPDATE complaints SET
        photo = '',
				thumb = ''
			WHERE id = '".$_GET['id']."'";
			// echo $sql;
			$query = mysql_query($sql);
			if ($query) {
        // header('Location: complaints_photo.php?id='.$_GET['id']);
				header('Location: complaints.php');
			}
			break;
	}


?>